I noticed that when I run "grant select on table <> to role <>" it takes some time to see it in "show grants" command.
Is it normal ?
Why is there such delay ?
Thanks
Related
I am not sure if it is possible but can you run DDL the SHOW Role function:
show grants to role SYSADMIN
If I run this it shows me the privs attached to the role in the results field but I would like to run a sub-query on this but it seems to always give me an error.
You can't use the rows in the show command directly (unless you're using an external client and programming the code, such as ODBC, JDBC, Python).
What you can do in a client worksheet is use the results indirectly like this:
show grants to role sysadmin;
select * from table(result_scan(last_query_id()));
To use it in a query, just alias and reference it like a table:
show grants to role sysadmin;
show grants to role my_new_role;
select NR.*
from table(result_scan(last_query_id())) NR
inner join table(result_scan(last_query_id(-2))) SA
on NR."privilege" = SA."privilege"
and NR."granted_on" = SA."granted_on"
and NR."name" = SA."name"
;
You can then use the age-old DBA trick of creating a SQL generator:
select 'grant ' || "privilege" || ' on ' || "granted_on" || ' etc.. etc...' as SQL_COMMAND
from table(result_scan(last_query_id()))
where "privilege" <> 'OWNERSHIP'
;
You can even use an SP to automate execution of the generated commands:
https://community.snowflake.com/s/article/Executing-Multiple-SQL-Statements-in-a-Stored-Procedure
The task should run at 2:27am UTC, but it did not executed.
GRANT EXECUTE TASK ON ACCOUNT TO ROLE SYSADMIN;
CREATE or replace TASK TASK_DELETE3
WAREHOUSE = TEST
SCHEDULE = 'USING CRON 27 2 * * * UTC' as
CREATE OR REPLACE TABLE TEST2."PUBLIC"."DELETE"
CLONE TEST1."PUBLIC"."DELETE";
ALTER TASK TASK_DELETE3 RESUME;
The task [state] = started. Does anyone know why?
If the status shows that the task is started, that means it is enabled and will run in the scheduled times.
You can check the task history to see the previous runs and next run of the task using the following query:
select *
from table(information_schema.task_history(
task_name=>'TASK_DELETE3'));
I was using a different role when I was checking the table in the database. The Task successfully completed at scheduled time.
I am new to Snowflake and am trying to create my first task.
CREATE TASK task_update_table
WAREHOUSE = "TEST"
SCHEDULE = 'USING CRON 0 5 * * * America/Los_Angeles'
AS
INSERT INTO "TEST"."WEB"."SOME_TABLE" (ID,VALUE1,VALUE2,VALUE3)
WITH CTE AS
(SELECT
ID
,VALUE1
,VALUE2
,VALUE3
FROM OTHER_TABLE
WHERE ID NOT IN (SELECT ID FROM "TEST"."WEB"."SOME_TABLE")
)
SELECT
ID,VALUE1,VALUE2,VALUE3
FROM CTE
I got a message that the task was created successfully
"Task task_update_table successfully created"
I then try to run show tasks in schema SHOW TASKS IN "TEST"."WEB" and get 0 rows as a result. What am I doing wrong? why is the task not showing?
I did all of this under sysadmin and was using the same warehouse, db and schema.
There are some limitations around show commands that might be blocking you,
particularly "SHOW commands only return objects for which the current user’s current role has been granted the necessary access privileges".
https://docs.snowflake.com/en/sql-reference/sql/show.html#general-usage-notes
I suspect the task was created by a different role (therefore owned by a different role), or perhaps it was created in different database or schema.
To find it, I'd recommend running the following using a role such as ACCOUNTADMIN.
show tasks in account;
SELECT *
FROM (
SELECT *
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID())))
WHERE "name" = 'TASK_UPDATE_TABLE';
While testing and learning in Snowflake, it is critical you set your session "context" correctly, using commands like this:
USE ROLE my_role_here;
USE WAREHOUSE my_warehouse_here;
USE DATABASE my_database_here;
USE SCHEMA my_schema_here;
Doing those four commands, or setting defaults for them for your user will help you tremendously when learning.
I hope this helps...Rich
Without going into why I would like to do this, is it possible (I'll be using a login trigger) to log out a user that has no write permissions to a certain database?
I am able to find the currently logged in users permission, I just need to know if it's possible to log them out?
DECLARE #HasPermission bit
SELECT #HasPermission = HAS_PERMS_BY_NAME('RTEST2.dbo.TestTableSize', 'OBJECT', 'INSERT');
IF #HasPermission = 0
SELECT 'Now this is where id want to log out the user'
One can prevent a user from logging in by executing a ROLLBACK from within a login trigger. As #DavidBrowneMicrosoft mentioned in his comment, it's also a good practice to use a PRINT or RAISERROR statement so that reason for the login failure is logged. This message will not be returned to the client but may be useful for troubleshooting.
IF #HasPermission = 0
BEGIN
PRINT 'User does not have permissions to login';
ROLLBACK;
END;
I want to make a MSSQL Trigger which will Fires in Everyday when date will change.
For MSSS Express editions create MS Windows job which will start Sqlcmd, see https://technet.microsoft.com/en-us/library/ms165702(v=sql.105).aspx
which will run an Sql script. Note, when sqlcmd is run from the command line, sqlcmd uses the OLE DB provider.
How to create a Sqlcmd job by using Windows Task Scheduler https://support.microsoft.com/en-us/kb/2019698 . This article deals with DB backup task. Replace the Sql script at step A with the one you need and adjust following steps accordingly.
You have to schedule a JOB in SQL which will fire in defined time and put your query in JOB
Expand the SQL Server Agent node and right click the Jobs node in SQL Server Agent and select 'New Job'.
In the 'New Job' window enter the name of the job and a description on the 'General' tab.
Select 'Steps' on the left hand side of the window and click 'New' at the bottom.
In the 'Steps' window enter a step name and select the database you want the query to run against.
Paste in the T-SQL command you want to run into the Command window and click 'OK'.
Click on the 'Schedule' menu on the left of the New Job window and enter the schedule information (e.g. daily and a time).
Click 'OK' - and that should be it.
For that purpose you can use PowerShell and Task Sheduler. All action below must be done on the machine where SQL Server is running.
At first create .sql file with a batch to run. I call it my_batch.sql. F.e. with this inside:
USE [MyDB]
INSERT INTO [dbo].[test]
([id]
,[somevalue]
,[New Column]
,[NewColumn])
VALUES
(NEWID()
,'testing'
,'test'
,'just a test')
Do not use GO in this script!
Then create .ps1 script to run that batch file (my_batch.ps1):
$conn=new-object System.Data.SqlClient.SQLConnection
$ConnectionString = "Server=(local)\SQLEXPRESS;Database=MyDB;Integrated Security=True;Connect Timeout=0"
$conn.ConnectionString=$ConnectionString
$conn.Open()
$fileToGetContent = 'D:\my_batch.sql'
$commandText = Get-Content -Path $fileToGetContent
$command = $conn.CreateCommand()
$command.CommandText = $commandText
$command.ExecuteNonQuery()
$conn.Close()
Then create a schedule task. You can make it manually (here is a good sample) or via PowerShell (I prefer this way):
#Create a new trigger that is configured to trigger at startup
$STTrigger = New-ScheduledTaskTrigger -Daily -At 00:01
#Name for the scheduled task
$STName = "Run SQL batch"
#Action to run as
$STAction = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "D:\my_batch.ps1"
#Configure when to stop the task and how long it can run for. In this example it does not stop on idle and uses the maximum possible duration by setting a timelimit of 0
$STSettings = New-ScheduledTaskSettingsSet -DontStopOnIdleEnd -ExecutionTimeLimit ([TimeSpan]::Zero)
#Configure the principal to use for the scheduled task and the level to run as
$STPrincipal = New-ScheduledTaskPrincipal -User "DOMAIN\user" -RunLevel "Highest"
#Register the new scheduled task
Register-ScheduledTask $STName -Action $STAction -Trigger $STTrigger -Principal $STPrincipal -Settings $STSettings